fix: Migrate gsutil usage to gcloud storage (#3331)

Author: gurusai-voleti

cli/docs/scorecard.md

@@ -24,12 +24,12 @@ This tutorial will walk you through setting up Scorecard for a single project.
     ```
 4. Create a GCS bucket for storing CAI data:
     ```
-    gsutil mb gs://$CAI_BUCKET_NAME
+    gcloud storage buckets create gs://$CAI_BUCKET_NAME
     ```
 5. Optionally, create a public GCS bucket to trigger a violation:
     ```
-    gsutil mb gs://$PUBLIC_BUCKET_NAME
-    gsutil iam ch allUsers:objectViewer gs://$PUBLIC_BUCKET_NAME
+    gcloud storage buckets create gs://$PUBLIC_BUCKET_NAME
+    gcloud storage buckets add-iam-policy-binding gs://$PUBLIC_BUCKET_NAME --member=allUsers --role=roles/storage.objectViewer
     ```
 6. Optionally, export the CAI data to GCS:
     ```
@@ -91,8 +91,8 @@ You can also run CFT Scorecard against locally downloaded CAI data:
 
 ```
 mkdir cai-dir
-gsutil cp gs://$CAI_BUCKET_NAME/resource_inventory.json ./cai-dir/
-gsutil cp gs://$CAI_BUCKET_NAME/iam_inventory.json ./cai-dir/
+gcloud storage cp gs://$CAI_BUCKET_NAME/resource_inventory.json ./cai-dir/
+gcloud storage cp gs://$CAI_BUCKET_NAME/iam_inventory.json ./cai-dir/
 ./cft scorecard --policy-path ./policy-library \
   --dir-path ./cai-dir
 ```

infra/build/Makefile

@@ -56,7 +56,7 @@ OPA_VERSION := 0.52.0
 # Updated by Update Tooling Workflow
 GCRANE_VERSION := 0.20.7
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.26.0
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.26.1
 DOCKER_TAG_MAJOR_VERSION_DEVELOPER_TOOLS := $(firstword $(subst ., , $(DOCKER_TAG_VERSION_DEVELOPER_TOOLS)))
 DOCKER_TAG_MINOR_VERSION_DEVELOPER_TOOLS := $(shell echo "${DOCKER_TAG_VERSION_DEVELOPER_TOOLS}" | awk -F. '{print $$1"."$$2}')
 

infra/build/developer-tools/Dockerfile

@@ -68,7 +68,7 @@ RUN apk upgrade --no-cache && \
 # Add all build scripts
 ADD ./build/*.sh /build/
 
-# Add cloud sdk first, gsutil required by some installers
+# Add cloud sdk first
 ARG CLOUD_SDK_VERSION
 RUN /build/install_cloud_sdk.sh ${CLOUD_SDK_VERSION}
 

infra/build/developer-tools/build/install_cloud_sdk.sh

@@ -38,4 +38,3 @@ gcloud components install alpha beta terraform-tools gke-gcloud-auth-plugin --qu
 rm -rf /usr/local/google-cloud-sdk/.install/.backup
 
 gcloud --version
-gsutil version -l

infra/build/developer-tools/build/install_tinkey.sh

@@ -21,7 +21,7 @@ cd /build/install_tinkey
 
 TINKEY_VERSION=$1
 
-gsutil cp "gs://tinkey/tinkey-${TINKEY_VERSION}.tar.gz" .
+curl -L -O https://storage.googleapis.com/tinkey/tinkey-${TINKEY_VERSION}.tar.gz
 tar -xzf "tinkey-${TINKEY_VERSION}.tar.gz"
 
 install -o 0 -g 0 -m 0755 tinkey_deploy.jar /usr/bin/

infra/build/developer-tools/build/scripts/task_helper_functions.sh

@@ -532,7 +532,7 @@ function fix_headers() {
 # Given SERVICE_ACCOUNT_JSON with the JSON string of a service account key,
 # initialize the SA credentials for use with:
 # 1: terraform
-# 2: gcloud (passes SA creds implicitly to gsutil and bq-script)
+# 2: gcloud (passes SA creds implicitly bq-script)
 # 3: Kitchen and inspec
 #
 # Add service acocunt support for additional tools as needed, preferring the
@@ -563,7 +563,7 @@ init_credentials() {
   # https://github.com/inspec/inspec-gcp#create-credentials-file-via
   export GOOGLE_APPLICATION_CREDENTIALS="${tmpfile}"
 
-  # Login to GCP for using bq-script and gsutil
+  # Login to GCP for using bq-script
   gcloud auth activate-service-account --key-file="${GOOGLE_APPLICATION_CREDENTIALS}"
 }